Active Directory, Group Policy, File Servers, SharePoint, and similar systems contain some of the most critical data businesses use. Contained within these systems are user accounts, access permissions, storage of sensitive documents, and more that must be protected from unauthorized access and use. Yet, for many companies, securing the data in these systems remains a major organizational challenge. Data security requires that IT and operations teams have a full inventory and understanding of what data they have, its sensitivity, where their critical and sensitive data resides, who/what is accessing it, and how itโs being accessed, etc. And visibility is just the first step. Baseline behavioral understanding of user access is the next important element in mitigating threats, but one that’s predicated on knowing the who, what, and how.
Data has been dubbed the “crown jewelsโ of business. While security experts might argue about where to place controls to protect that dataโdirectly around the data, at the endpoint, on the access permissionsโit is nonetheless the data that always falls to the center. An entire class of cyber security vendors is thus focused on data-centric security for file and folder systems, share sites, and directories. Among them is Lepide, a data threat detection vendor out of the UK.
Founded in 2015, Lepide had its beginnings in helping organizations understand what was happening in their Active Directory (AD). While AD includes native capabilities, Aidan Simister, co-founder and CEO of Lepide, says the enterprises with which they were speaking early on found native controls to be insufficient for securing data. As is consistent with above sentiments, โCompanies donโt have a clue where their sensitive data is and whatโs happening to their files and folders,โ he said during a recent briefing. He and his co-founders set out to build software to give companies visibility and control over data access, along with a way to measure data risk.
Look before you act
Currently delivered as on-premises software. Lepide consists of four modules: Lepide Insight Lepide Detect, Lepide Trust, and Lepide Identify. Following the basic tenets of the NIST Cybersecurity Framework, identification is the first component of the software. Upon deployment and integration with companiesโ SIEM, SOAR, AD, file shares, collaboration software, and more, Lepide automatically discovers data, checks its content for sensitive information (e.g., Social Security Numbers, email addresses, credit card information), tags it, and uncovers associated access permissions.
Next, via Trust, Lepide looks at access permissions and privileges to understand who has access to what, if those permissions/privileges are appropriate, and how they could be abused. Least privilege is baked into the analysis so admins can see where the problems are then remove unnecessary access to lessen risk. At the same time, Lepide Detect is analyzing user behavior and establishing baselines to understand anomalies, how data is accessed and used, when itโs copied/modified/used, when/if new sensitive data is added, and more. With this information, Detect can identify high-risk behaviors and administrative actions, determine deviations from the norm, and alert on risky or suspicious behavior.
An important part of this process, said Simister, is the data risk scoring incorporated in the platform, whereby admins can use the dashboard to view risk scores that are determined by the sensitivity of the data, the number of accounts with access, and associated access levels. This helps companies make better decisions about their data access and improve governance, said Simister.
The final piece of the Lepide puzzle is Insight, which is the audit and reporting component of the platform. Insight is especially valuable for auditing compliance and showing which parts of a companyโs infrastructure are at highest risk of data exposure. As such, the bulk of Lepideโs clients fall into highly regulated industries like healthcare, financial services, and legal, though any company concerned about data risk could take advantage of the platformโs capabilities.
Making data protection tangible
โWe built Lepide,โ said Simister, โbecause companies are struggling with the tangibility of their data and managing acceptable levels of risk. Itโs ridiculous that companies spend more and more on security and breaches still happenโand so many of the causes are preventable, like revoking unnecessary access to sensitive data. Our mission is to get our customers to a place where what really matters is the data.โ
Along those lines, one of the most impressive aspects of Lepide is their commitment to support services. While all the major players in the space offer support, Lepide never charges for professional services and will hold customersโ hands as little or as much as the customer requires. โIf a customer wants us to complete the entire install, weโll do it. If they want to call in everyday, thatโs fine with us. We want every customer to get the most value out of Lepide.โ
Another attractive aspect of the technology is its affordability and scalability. Lepide customers can save as much as 40% versus competitive platforms and donโt have to worry about managing expensive, complicated hardware. Overall, Lepide is a nice option for companies that want to efficiently uncover data risk throughout their environment. One area for growth is the addition of remediation capabilities. At present, companies must use third-party tools, albeit ones likely already deployed, to alter access permissions. The opportunity for Lepide is broader integration and/or building in native capabilities. But as a young, hungry company with a passionate leader, we anticipate it wonโt be long before additional features and functionality are market ready.
